Internet kill switch
The examples and perspective in this article deal primarily with the United States and do not represent a worldwide view of the subject. (July 2018) (Learn how and when to remove this template message)
The concept behind having a kill switch is based on creating a single point of control (i.e. a switch) for a single authority to control or shut down the Internet in order to protect it or its users. Groups such as the American Civil Liberties Union and the Nominet Trust have criticized proposals for implementing the idea so far.
The prospect of cyberwarfare over the 2000s has prompted the drafting of legislation by US officials, but worldwide the implications of actually "killing" the Internet has prompted criticism of the idea in the United States. During the Arab Spring in Tunisia, Egypt, and Libya access to the Internet was denied in an effort to limit peer networking to facilitate organization. While the effects of shutting off information access are controversial, the topic of a kill switch does remain to be resolved.
Communications Act of 1934
The Communications Act of 1934 established the United States' Federal regulation of electronic communications by the Federal Communications Commission (FCC). This act, created by the Franklin D. Roosevelt Administration, gave the president powers of control over the media under certain circumstances. This act was the basis of regulatory power for the executive branch of the government to control electronic communications in the United States.
Telecommunications Act of 1996
Presidential Decision Directive 63 (PDD-63), signed in May 1998, established a structure under White House leadership to coordinate the activities of designated lead departments and agencies, in partnership with their counterparts from the private sector, to "eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems".
Proposed Protecting Cyberspace as a National Asset Act of 2010
On June 19, 2010, Senator Joe Lieberman (I-CT) introduced the Protecting Cyberspace as a National Asset Act, which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the kill switch bill, would have granted the President emergency powers over the Internet. Other parts of the bill focused on the establishment of an Office of Cyberspace Policy and on its missions, as well as on the coordination of cyberspace policy at the federal level.
The American Civil Liberties Union (ACLU) criticized the scope of the legislation in a letter to Senator Lieberman signed by several other civil liberty groups. Particularly, they asked how the authorities would classify what is critical communications infrastructure (CCI) and what is not, and how the government would preserve the right of free speech in cybersecurity emergencies. An automatic renewal provision within the proposed legislation would keep it going beyond thirty days. The group recommended that the legislation follows a strict First Amendment scrutiny test.
All three co-authors of the bill subsequently issued a statement claiming that the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks", and Senator Lieberman contended that the bill did not seek to make a 'kill switch' option available ("the President will never take over – the government should never take over the Internet"), but instead insisted that serious steps had to be taken in order to counter a potential mass scale cyber attack. The Protecting Cyberspace as a National Asset Act of 2010 expired at the end of the 2009–2010 Congress without receiving a vote from either chamber.
There are several issues that may prevent a system to be established in the United States. The Telecommunications Act of 1996 deregulated the telecommunications market and allowed for the growth of data carrier services. Since the Federal Communications Commission (FCC) does not require registration of a company as an Internet Service Provider (ISP), there are only estimates available.[by whom?] As of April 2011, there are over 7,800 ISPs estimated[by whom?] to be operating in the United States. This makes implementation of a kill switch that much more difficult: each company would have to voluntarily comply. There is no law that gives the United States authority over an ISP without a court order.
A court order is not necessarily the solution either. Even if an ISP is forced by court order, the attack may have already taken place and the prophylactic methods too late in implementing. There are thousands of ISPs and since they do not have to register, there is no known way of contacting them in time and forcing the ISP to comply.
The regulations[which?] that the United States uses to regulate the information and data industry may have inadvertently made a true "Internet kill switch" impossible. The lack of regulation allowed for building of a patch-work system (ISPs, Internet Backbone) that is extremely complex and not fully known.[clarification needed]
In the United States, there are strong[clarification needed] citizen and business protection systems.[clarification needed] There is redress of grievances allowed to the courts or administrative authority.[which?] There is also the need for a court order for the government to shut off services. In addition to these fairly large roadblocks, there are human rights groups such as the ACLU, Amnesty International, and others. All of these reasons make implementing the Internet kill switch difficult.
The key[clarification needed] policy issue is whether or not the United States has the right constitutionally to restrict or cut off access to the Internet. The powers granted to the presidency starting with the Communications Act of 1934 seem to be adequate[to whom?] in dealing with this threat, and is one of the major criticisms[by whom?] of legislation determined to regulate this question. The next most important question[to whom?] is whether or not the United States even need this legislation or it would chip away[clarification needed] at individual liberties. The trade offs are apparent[to whom?] – if the government can control information online then it can limit access to information online. One of the biggest problems[to whom?] with the theory is what to classify as critical communications infrastructure and what to leave out.
Policy makers[who?] have to take into account the cost of shutting down the Internet, if it is even possible. The loss of the network for even a day could cost billions of dollars in lost revenue. The National Cybersecurity Center was set up to deal with these questions, to research threats and design and recommend prophylactic methods.
In many ways,[which?] the integration of networked computer-mediated communication systems into our[who?] business and personal lives means that the potential threat[which?] is increasing along with the potential problem of protecting a wide class of products.[which?] Utility systems can be monitored and controlled remotely, whereas it used to be a physical person.[clarification needed] So the issue of what an Internet kill switch could affect is growing steadily.[clarification needed]
The 2009 White House Assessment stated that there needed to be more work done on this issue and the National Cybersecurity Center was created to handle security issues. It is not known[by whom?] at this point if the Center has a policy regarding asserting control of the national networks.
In June 2016, Turkey introduced an Internet kill switch law permitting authorities to "partially or entirely" suspend Internet access due to wartime measures, national security or public order. The mechanism came to attention when Internet monitoring group Turkey Blocks detected a nationwide slowdown affecting several social network services on the eve of a major offensive during the 2016 Turkish military intervention in Syria. Similar Internet restrictions had previously been implemented during national emergencies to control the flow of information in the aftermath of terrorist attacks, originally without any clear legal grounding.
In the United Kingdom, the Communications Act 2003 and the Civil Contingencies Act 2004 allow the Secretary of State for Culture, Media and Sport to suspend Internet services, either by ordering Internet service providers to shut down operations or by closing Internet exchange points. A representative of the Department for Culture, Media and Sport said in 2011 that:
It would have to be a very serious threat for these powers to be used, something like a major cyber attack. The powers are subject to review and if it was used inappropriately there could be an appeal to the competitions appeal tribunal. Any decision to use them would have to comply with public law and the Human Rights Act.
Dr. Peter Gradwell, a trustee of the Nominet Trust, criticized the provisions in the Communications Act:
The legislation also includes the requirement to make compensatory payments for loss or damage. Would the Government want to foot the bill for switching off a multi- billion-pound industry? If a notice is served on an ISP and ignored, the penalty is only a fine. If the public were massing on the streets of London, I believe that many internet providers would be happy to argue the legitimacy of such a penalty in court.
On January 27, 2011, during the Egyptian Revolution of 2011, the government of President Hosni Mubarak cut off access to the Internet by all four national ISPs, and all mobile phone networks. This version of a kill switch was effected by a government-ordered shutdown of the Egyptian-run portion of the Domain Name System, and Border Gateway Protocol (BGP), making transmission of Internet traffic impossible for Egyptian ISPs. All network traffic ceased within two hours, according to Arbor Networks.
On January 15, 2019, internet monitoring group NetBlocks reported the blocking of over a dozen social media platforms in Zimbabwe followed by a wider internet blackout amid protests over the price of fuel. The first three days of the disruption cost the Zimbabwe's economy an estimated $17 million as the government extended its disruption to a full shutdown to prevent the use of VPN circumvention tools by demonstrators.
- Dainotti et al., Analysis of Country-wide Internet Outages Caused by Censorship, ACM, 2011
- "Cyberspace Policy Review" (PDF). USA Government. 2009. Archived from the original (PDF) on 2011-04-24.
- "Protecting Cyberspace as a National Asset Act of 2010". U.S. Congress.
- American Civil Liberties Union (23 June 2010). "Civil Liberties Issues in Cybersecurity Bill" (PDF).
- Hoover, J. Nicholas (24 June 2010). "Senators Say Cybersecurity Bill Has No 'Kill Switch'". informationweek.com. Retrieved 25 June 2010.
- Status of S.3480, 111th Congress, Status of H.R.5548, 111th Congress
- "Social media blocked in Turkey". Turkey Blocks. 2016-08-25. Retrieved 2017-05-17.
- "Did Turkey Test Its Wartime Censorship Capabilities?". The Daily Dot. 2016-08-27. Retrieved 2017-05-17.
- "Could the UK Government shut down the web?". The Independent. March 8, 2011.
- "Egyptian Revolt Unquelled By Total Comms Blackout". TechWeek. January 28, 2011.
- "JK is No. 1 in enforcing Internet blockade?". Greater Kashmir. 2017-04-05. Retrieved 2017-05-17.
- "Zimbabwe Internet shutdowns amid fuel price protests". NetBlocks. 2019-01-15. Retrieved 2019-01-24.
- Cotterill, Joseph (15 January 2019). "Zimbabwe cracks down violently on fuel protesters". Financial Times.
- CNN, Analysis by James Griffiths. "The internet is more vulnerable than you realize". CNN. Retrieved 2019-01-24.